A spokeswoman for Target said that the ongoing forensic investigation indicates that intruders stole a vendor’s credentials, which were then used to access its systems. The company has not elaborated exactly what type of credentials were stolen, and from which vendor. The data leak resulting from this attack affects over 70 million Target customers, and in a bid to extend an olive branch, the retailer has already announced that it will offer one year of credit monitoring and identity theft protection to affected customers absolutely free. Earlier this week U.S. Attorney General Eric Holder confirmed that the Justice Department is also investigating the Target hack.